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1 Overview 


Event-based simulation is a popular technique for predicting the behavior 
of digital circuits [8,10]. On the other hand, applicative denotational for¬ 
malisms, in which circuits are represented by functional equations with an 
explicit time variable, are becoming popular for other reasoning tasks, t.g. 
hardware description [9], verification [4,1], and automatic generation of simu¬ 
lator models [5]. Before an integrated CAD system is to use both approaches 
to modeling circuits (for different purposes), the different representations 
must be shown to contain equivalent information. For example, it would 
be unsatisfactory if a circuit were “verified” using one representation, but 
also found to be incorrect by the simulator, using a different representation. 
Such a problem could arise from two sources: 1) the verifier or simulator 
could contain bugs, or 2) each is correct, but the underlying representations 
are fundamentally inequivalent. The purpose of this paper is to address the 
latter issue. 

The approach used here is adapted from the literature on programming 
language theory, along the lines, for example, of [11]: define a mathematically 
precise meaning for the time function representation of a circuit and show 
that event-based simulation preserves this meaning. This approach has three 
steps. 

First, a clean abstraction of event-based simulators is defined, giving cir¬ 
cuits a clear operational semantics. It is hoped that the results proved with 
regard to this abstraction can be extended as necessary to cover a particular 
simulator. 

Second, circuits are given denotational meanings by associating with each 
a particular mathematical function, mapping timelines (value histories) to 
timelines. This captures the semantics of applicative formalisms such as the 
“time functions” of [1]. 

Third, the two meanings, operational and denotational, are shown to be 
equivalent. That is, simulating the circuit for a given set of input events 
calculates the value of applying the function denoted by the circuit to the 
corresponding input timeline vector. This leads to the stronger result that 
the denotational semantics is fully abstract with respect to the operational 
semantics; that is, two circuits give the same simulation results on all inputs 
if and only if they denote the same timeline function. 

This result has several applications. First, it shows that problems of the 
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second type mentioned above can not occur in a system using representa¬ 
tions based on the semantics given here. Second, it is useful in showing 
limitations of the the event-based formalism in modeling certain kinds of 
behaviors. Third, [5] describes a system which reasons denotationally to 
compose and simplify the functions of a circuit’s components in order to pro¬ 
duce a behavioral model for the circuit automatically. The equivalence of 
the representations is crucial to the soundness of the procedure. 

In the discussion to follow, the term “circuit” is used to refer to a math¬ 
ematical idealization of real circuits. It should be noted, however, that this 
idealization can be used to model many other real-time systems as well. 

Gordon [4] defines a least-fixed-point denotational semantics for clocked, 
synchronous circuits. A major difference between that approach and this one 
is that this approach is able to model arbitrarily small time delays. Due to 
the synchrony of Gordon’s model, he is able to define the meaning of a circuit 
as (essentially) a sequential (Mealy) machine. The current work is forced to 
more generality since input changes can happen arbitrarily close together in 
time. Gordon[4] does not address simulation issues. 

Amblard, et al [1] give a formalism whose semantics is similar to the 
timeline semantics, but they do not attempt to relate it to any operational 
model. They give a scenario illustrating how human designers could use the 
formalism to verify circuits. 

Meinen [9] gives an applicative formalism whose semantics is related to the 
present one. He makes reference to the automatic conversion of applicative 
descriptions to executable simulations, but does not address the connection 
between the two semantics. 


2 Time, Values, and Circuits 

The usefulness of the event-based simulation semantics presented here rests 
on three modelling assumptions: the context independence assumption re¬ 
quires that primitive components of the circuit have behaviors which are 
independent of the circuit in which they are used; the digital approximation 
assumes that it is possible consistently to map the observable values into a 
discrete set of values; and the non-zero width event assumption requires that 
changes in the discrete value of an observable persist for a positive duration. 

Times and durations are modeled by the set Q + of positive rationals. 
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That is, time starts at zero, but we may only observe the circuit values at 
positive rational times. The use of rationals instead of reals is a matter of 
convenience which simplifies some of the proofs. 

Discrete event simulation maps observables ( e.g . voltage) into a non¬ 
empty set S of values (“logic levels”). 

A circuit consists of a finite set of uniquely named nodes and a finite 
set of modules connected to the nodes through named ports. The node (an 
abstraction of “wire,” “bus,” “net,” etc.) is intended to represent a place 
which holds a value during the course of computation. A module represents 
a computing element with zero or more input ports and exactly one output 
port. As such it has a type which defines the input/output relationship 
(“function”). The connections associate nodes with ports of modules. No 
more than one output port may be connected to any single node. Nodes 
must have some port connected to them. Nodes with no output port 

connected will be referred to as circuit inputs, as they must be driven from 
the outside at all times. A node is termed an input to a module if some input 
port of the module is connected to the node. Similarly, a node is an output 
of a module if the output port of the module is connected to the node. 

Allowed modules are of two basic types. First, fix a convenient subset, T 
Q U*>o{/ | / : S fc —*■ S}. (Zero-ary functions are constants.) The first type 
of primitive module is a pair (/, e) € F x Q + . Intuitively, this represents 
the module which puts out f(x) to its output port at time t + e whenever 
its input ports have values x at time t. f t denotes a primitive module of this 
type, where / is a function identifier and e is a duration (delay). The second 
primitive type of module is the “perfect memory element.” Such a module 
type is denoted M(x, e), where x <= S and t 6 Q + . It has two input ports, s 
and a. Its output port is defined to produce at time t -f e the value of a at the 
most recent time u < t such that s 6 x a t time u. For example, Af({l}, 1.0) 
is an idealization of a D-flipflop with 1.0 unit of delay. 


3 Operational Semantics 

This section defines an event-based operational semantics for circuits. In 
particular, an effective evaluator, EVAL, is given which calculates the value 
of a given circuit node at a given simulated time in response to a given input 
specification. 
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A simulation program, p, is a quintuple ( w p , J p , I p , y p , t p ), where w p is the 
circuit to be simulated; J p is an initialization mapping which gives initial 
(time 0) values for all of the non-input nodes of w p , I p is a finite collection 
of all events which will ever occur on the input nodes of w p (it must contain 
exactly one time 0 event for each input); y p is the non-input node of w p whose 
simulated value we wish to measure at simulated time t p . 

This semantics is based on the idea of events occurring at given nodes 
at given times. An event is a triple (y,t,v), which represents the change of 
node y' s value to v at time t. The value of a node at any (simulated) time is 
simply the value of the most recent event for that node to occur before that 
time. 

When an event occurs at time t on an input node of a module of type 
f e with input nodes x, a new event is scheduled for the output node at time 
t + e with value /(x), where x refers to the new values of the inputs at time 
t. When an event occurs at either of the input nodes of a module of type 
then if the s input’s (new) value lies in x at t an event is scheduled 
at time t + e to set the output node to the (new) value of the a input at t. 

EVAL is defined as follows. A simulation program, p, defines an ab¬ 
stract machine, —* p , which operates on pairs (e, s) of (event-set, store), called 
machine-states. Intuitively, e represents the set of those events which are 
scheduled to happen on circuit nodes, but which have not yet occurred, s 
maps each node to the value of the most recent event to have occurred for that 
node. For any machine-state m, define cet(m), the current-event-time of m, 
as the minimum time of any event in e m . (If e m is empty, then cet(m) = oo.) 
Denote by ims(p) (initial machine-state) the pair (eo, s 0 ), where s 0 maps each 
non-input node, x, into J p (x) and each input node into the value of the time 
0 event for that node in I p . eg is I p augmented with events setting each 
non-input node to its J p value at time 0. 

Define prop Wp (N,s,t ), for N a set of nodes of w p , s a store for w p , and 
t G Q + , to be the set of events constructed as follows. For each module 
of type ft with input nodes {x,} and output node y such that for some i, 
X{ G N, form the event (y,t + e,f(s(xi),.. .,$(£*))). For each module of 
type M(x,S) with inputs x s and x a and output y such that at least one of 

x„ G N, if s(x 4 ) G x> th en form the event ( y , t + 5,s(x a )). 

Define (e, s) —* p (e', s') as follows. Let eo be the set of events in e with 
time cet(e,s). s' is s updated with new values for nodes having an event in 
e 0 . Let CN be the set of nodes, x, such that s'(x) ^ s(x). e' = (e — eo) U 
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5 ', cet(e, 5 )). 

—* p is applied iteratively, starting with ims(p), until the first 
machine-state, x, is reached with cet(x) > t p . At that point, evaluation 
terminates with EVAL(p) = s x (y p ). 

Theorem. EVAL is well-defined for all simulation programs. 

Proof. One shows by induction on —► steps that, once all of the (finitely 
many) input events are specified , the current-event-time of the intermediate 
machine-states strictly increases and is always an integer multiple of 8 > 0, 
where 8 is one over the least common denominator of the input event times 
and the delays in the circuit. t p must be reached after no more than \t p /8~\ 
steps. Note that 8 depends on the input events, so the circuit alone is not 
just equivalent to a Mealy machine with clock period 8. □ 


4 Denotational Semantics: S 

This section defines a semantical structure, E, together with a meaning map¬ 
ping, [[•]], which associates denotations with circuits. 

A half-timeline on S is defined to be a map p : Q + —> S which is piecewise 
constant and obeys the right-hand endpoint convention. That is, for every 
point t <= Q + , there is a 8 > 0 such that p is constant on [t — $,<]. We 
also assume that for every a > 0, there are a finite number of transition 
points of p in the interval (0, a). Denote the set of all half-timelines on S by 
H X (S). (When the choice of S is clear from context, the explicit reference to 

5 may be omitted.) It should be clear that, for any k > 0, there is a natural 
isomorphism between (H 1 (S)) fc , the A;-fold cross-product of H X (S) with itself, 
and the set H X (S*). We shall therefore make no distinction between the two. 
For any k > 0, let H fe (S) denote the set H^S*). 

The use of value timelines (in various slightly different forms) to model 
real-time behavior is ubiquitous in the literature on real-time programs and 
not uncommon in the literature on circuits [2,3,7]. Most use a discrete time 
domain, rather than the rationals or reals. (Meinen [9] uses the reals, but 
also assumes there is a global “minimum cycle time,” making the model 
equivalent to a discrete time domain.) 

Definition. For m, n > 0, a function / : H m —► H n is said to be causal if 
and only if there exists a positive rational £/ such that the following holds. 
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For p, p' € H" 1 and for all t > 0, 


3v € (0 ,t + e f ].fp(v) ^ fp'(v) =» 3tx € (0 ,t].p(u) ^ p'(u). 

For m, n > 0, let CF m_,n denote the set of all causal functions / : H m —► H n . 
CF 0->n is identified with H". 

Definition. E = def (Q + , S,U* >0 H*, U m >o,„> 0 CF ,7wn ). 

Let 7T,- : S k —> S denote the projection onto the ith coordinate. This 
induces a (non-causal) function 7T,' : H fc —► H 1 pointwise. Suppose p 6 
H m , p' € H". Let [p, p'\ denote that element of H m+n whose value at any t 
has first m components equal to those of p(t) and last n components equal to 
those of p'(t). Similarly, if / G CF k ^ m ,g € CF fc_ * n , let [f,g]p = def [fp,9P\- 
The following facts are immediate. 

Lemma. 

• If / is causal, then 7r,/ is causal for any i. 

• If /, g are both causal, then f[g, id] is causal, where id is the identity 
function on the appropriate H* to make the argument to / be of the 
correct type. Similarly, /[id, g] is causal. 

• If / € CF* ->m ,flr G CF* - "" are causal, then [f,g] is causal. 

• Let / € CF m->n . Then for any k > 0, there exists a unique extension 

/ € CF m+A ~ n , such that for all p € 6 H k J[p,p') = fp. 

□ 

Definition. Let t € Q + . Define H fc t , the set of all t-initial half-timelines on 
S k , as 


{p t : (0,t] - S* | 3(p e H*).V(0 < u < t).p{u) = p t {u)} 

If / € CF m-> ", then let f t denote the pointwise-induced function f t : H m t —> 
H n <. That is, f t pt(s ) = fp(s ) for all 0 < s < t. 
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Lemma. Let / 6 CF m->n . Then for all t (E Q + , / induces a function 
ft : H m ( -► H n t+e/ , by setting 

ftPt = ( fp)t+cf> 


where p is any extension of p t . 

Proof. Let p, p' be any extensions of p t . Since / is causal, fp agrees with 
fp' for all times less than or equal to t + ej. □ 

Theorem (Fixed Point Theorem). Let / € CF n_>n . There exists a 
unique p 6 H", denoted /i/, such that p = fp. 

Proof: The plan is to show that for any t €■ Q + , there is a unique t-initial 
half-timeline, p t , which satisfies p t = ftPt, and that all such agree on their 
areas of overlap. That done, we simply define p to be the unique half-timeline 
which agrees with all of them. That is, for any t, let p(t) be the common 
value at t of all the (t + 6)-initial half-timelines, for S > 0. This is certainly 
unique; that it satisfies the axioms for being a half-timeline is easily seen to 
be inherited from the ^-initial ones from which it is constructed. 

First, if there exists a unique such ^-initial half-timeline for every i, then 
they must all agree on their areas of overlap. Suppose p t satisfies the equa¬ 
tion, and />' also satisfies, and s < t. But then p s must also satisfy, since 
p t satisfies pointwise for all times less than or equal to t. By the unique¬ 
ness property, we see p' t — p a . Thus, the original two agree on their area of 
overlap. 

Now, suppose t < tf. Then since / is causal, f t must be a constant 
function. Clearly, (/ ( i/ t ) = ftift^t) for any v, and f t v t is the unique such 
solution. 

Now, let t = ke^ k > 1 an integer, and suppose it is the case that for 
every u < i there exists a unique p u satisfying the equation at time u. Let 
v e (t,t + €/]. Define p v = f v _ e/ p v _ C/ . 

Clearly, p v = ( fp) v — f v p v , from the definitions. Is p v the unique solu¬ 
tion? For any solution p' v of the equation, we have 

Pv = fvPv = (fP )v = fv-tjPv-cjl 

where p' v _ c must also satisfy the equation at time v—ej. But by the induction 
hypothesis, p' v _ e — p v -t r Plugging that into the above, we see that p' v — p v . 
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Since v was arbitrary in the half-open interval ( kej,(k + l)c/], we have 
verified the induction hypothesis for all times less than or equal to (k + l)e/, 
and the induction is complete. □ 


Before assigning meanings, it is useful to show that causal functions are 
closed under finite wiring diagram composition. This is the sort of compo¬ 
sition one finds in a circuit: normal functional composition, together with 
fixed point operations as required by feedback loops. 


Definition. Given {/,• G CF m+n->1 j 1 < i < m}, let F = [/i,...,/ m ]> the 
“vectorization” of the f;. (F is causal by a previous Lemma.) Define 0« /» : 
H n —> H m , the wiring diagram composition of the {/,}, by (O»/«)( I/ ) = 

KF [Id, •'])■ 


Lemma. Let F G CF m+n->m ; t>, v' G H n such that u t = v' t for some t G Q + . 
Let p = (Oi(niF))v and p' = ( Oi{niF))v Then p t = p' t . 

Proof: p t = (F[Id, v))tPt = F t [p t ,v t \ = F t \pt,v§ = (F[Id, v%p t . However, 
p' t is the unique solution to the fixed-point equation for (F[Id, i/]) t (see proof 
of Fixed Point Theorem). Thus, p t = p\. Q 


Theorem (Wiring Diagram Composition). Let /j € CF m+n_tl , for 
i = 1... m. Then ©,• fi € CF n ^ m . 

Proof: Let t € Q + , and suppose v, v' G H" agree on their ^-initial segments. 
Let p = (0^ /,>, p' = (O,- and F = \fi, ..., / m ]. Then 


Pt+c F — 


(F[p, ^])t+ tF 
Ft[p, »]t 

FAp'y)t 

(F[P ', W 
/ 

r t+CF 


\p is a fixed point 
;def of F t 

;previous Lemma and hypothesis 
;def of F t 

\p' is a fixed point 


□ 


Meanings are assigned in S to initialized circuits, ( w , J), as follows. Sup¬ 
pose w has m non-input nodes and k input nodes. Order the nodes via the 
function o : nodes —► {1... m + k}, letting the non-inputs come before the in¬ 
puts. Each primitive module in (w, J ) has a natural interpretation as a causal 
function. If it is of type f t and its output node is y, then let c 0 ( y j, the causal 
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function for the module driving node y, be given by (c 0 ^p)(t) = f(p(t — e)) 
if t > e, J(y) otherwise. If the module driving node y is of type M(x,e), 
then {c 0 ( y )[p a , p a ])(t) = p a (u), where u, if it exists, is the most recent time 
<t — t such that p a {u) €E x> if « does not exist, then c 0 ( y ) has value J(y). 

Definition, [[(to, J)]] : H* —► H m is defined to be O. c,\ 

Corollary, [[(to, J)]] 6 CF* - *” 1 . Q 

Definition. For a simulation program, p, define 

[Ip]] = *4)]])([[ / P ]])(<r) J 

where [[/ p ]] is the obvious timeline vector constructed from the event-set I p . 

5 Connections 

Theorem (Computational Adequacy). For any simulation program p, 

M = eval ( p ). 

Proof. It suffices to show that there is some p tp such that ir 0 ( yp )Pt p (t p ) — 
EVAL(p) and p tp = C tp [p tp , [[I p }\ tp \, where C = [c x ,..., c m ]. 

Suppose ims(p)—* p *x. Define h p (x), the event-history for p at x, in¬ 
ductively as follows. h p (ims(p )) = cet-events(e, ma ( p )), where cet-events(e) 
is defined to be the set of events of e with time cet(e). If x'—t p x then 
h p (x) = h p (x') U cet-events(e a: ). 

For any simulation program p define the function val p : nodes x (0, t p ] —* S 
as follows. Let x be the machine-state whose cet is mini m um , but greater 
than or equal to t p , such that ims(p)—+ p *x. Then val p (y, t) is the value part 
of the latest event for y in h p (x) whose time is strictly less than t. (It is 
easy to see via induction on —* p steps that h p (x ) is simply a record of all 
events which have occurred with times less than or equal to t p .) It follows 
from the definition of EVAL that val P (y,t p ) = s x (y ) = EVAL(p). Moreover, 
val p defines a t p -initial half-timeline by vectorizing the individual functions 
valp(y, •) in the order o. 

Thus, it suffices to show for each non-input node y (with associated mod¬ 
ule m whose inputs are the nodes xf) 

val p (y, •) = c y (val p (x 1 , •),.. .)• 
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The only way c y could fail to be satisfied at some time is if an event occured 
that changed an input or output node to an incompatible value. But when¬ 
ever an input event occurs, prop Wp dictates that an output event be scheduled 
at exactly the correct delay to maintain consistency of the constraint. Con¬ 
versely, output events are scheduled only as results of input events; hence, 
the output event must maintain consistency with c y . □ 

This theorem shows that the value denoted by a simulation program 
is always the same as that computed by the event-based simulation. This 
allows us to reason about a simulation using the denotations of the circuits, 
instead of thinking about how the simulator will propagate events. This is 
most useful as a means to proving the stronger result (below) that a pair of 
initialized circuits (as distinct from their uses in simulation programs) are 
behaviorally equivalent if and only if they are denotationally equivalent. 

Theorem (Full Abstraction). Suppose that ( w,J ) and have the 

same set of inputs. Then 

V7V*.EVAL(u>, J, 7, y, t) = EVAL(u)', J', 7, y', t) 

if and only if 

7 r 0(y) [[(u;, J)]] = 7r 0 » (y /)[[(u/, J')]]- 

Proof. (Only if) The values of causal functions on inputs with infinitely 
many value changes must be compatible with their values on inputs having 
finitely many value changes. (This is because there exists an eventually 
constant completion of any f-initial segment of a half-timeline. The f-initial 
segment of the value of the causal function is not affected by the difference in 
the tail of the input timeline.) The hypothesis and computational adequacy 
imply that the two functions are equal on all inputs with only finitely many 
value changes. 

(If) This direction follows immediately from computational adequacy and 
the definition of meaning of simulation programs, q 

Theorem (Modularity). Let Cl ,... ,c k+m +n € CF k+m+n+M , and let s € 
C F n+, ^ k+m be defined by s = 0;=i...*+m c,-. Denote by w € CF'^* +m+n the 
function 0,=i..jk+m+n c i • Suppose that c fc+m+1 ,..., c fc+m+n do not depend on 
the first k components of the timeline vector. Then 

(^’A+l^’S) 0 • • • © (fl’fc+m^'S) QlJCk+m+1 O • • • © 7]Ck+m+n = fak+ l^j • • • > ^’A+m+n^]? 
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where Os e CF m+n+,- * fc+m is defined by Os(p) = s[7r m+1 />,..., ir m+n+ j/>], and 
T}Ck+m+i € CF is defined by T)Clc+m+i(p) — Cfc+m+tf*? •••>*? "K\Pi • • • i ^’m+n+Z/*]- 

(* denotes some (any) particular timeline.) 

Proof. This follows immediately from the uniqueness of fixed-points. □ 

This just says that the function of a subcircuit is preserved in the context 
of a larger circuit, and that “internal” nodes of the subcircuit (nodes 1... k 
above) are important only to the subfunction. 

Corollary. Replacement of a subcircuit by a denotationally equivalent im¬ 
plementation has no effect on overall circuit behavior, q 

6 Extension: Zero-delay 

It is not difficult to extend these results to cover circuits containing primitive 
modules with zero delay from input to output, assuming the circuits contain 
no zero-delay feedback loops. The functions obtained are no longer necessarily 
causal functions, of course, but one can still show that if the simulator orders 
the processing of events properly, the evaluation will yield the unique, correct 
solution to the recursion equations. This larger class of functions, however, 
is not closed under arbitrary composition, because it is possible to connect 
legal zero-delay subcircuits into a zero-delay feedback loop. 

The problem with allowing zero-delay loops in circuits is illustrated by 
an example: the circuit with two zero-delay inverters connected in a ring, 
initialized with its two nodes at opposite logical values. Since zero-delay 
circuits are idealizations of circuits with positive delay (which have non¬ 
trivial behaviors), one presumably wishes the simulator to stop propagating 
events once all the node values are consistent, allowing simulation to proceed. 

In terms of denotational semantics, however, the fixed-point equation 
corresponding to this circuit has infinitely many solutions. (All timelines 
satisfy y(t) — -<~'y(t) for all t.) But then the semantics is no longer fully 
abstract: the simulator fails to compute all of the possible behaviors of the 
circuit. 

(Gordon, 1981) defines a denotational semantics for circuits which models 
zero-delay loops. Any zero-delay loop denotes X, the symbol for divergence. 

This is correct in the case of, for example, a 1-inverter ring, as one would 
expect the simulation to fail to halt in that case. Unfortunately, the 2-inverter 
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ring also denotes _L, and hence Gordon’s (1981) denotational semantics fails 
to be computationally adequate for a simulator which converges on the 2- 
inverter circuit. 

The lack of full abstraction due to zero-delay loops can cause problems to 
systems which use both a simulator representation and a denotational repre¬ 
sentation. Consider a system which manipulates circuit designs by replacing 
subcircuits with different implementations to achieve some performance im¬ 
provement. Suppose that it is allowed to replace one subcircuit by another 
if the two denote precisely the same set of timeline functions. This would 
allow it to replace a two-inverter loop, with nodes a and b initialized to 
{(a, 0), (6,1)}, by a two-inverter loop initialized to {(a, 1), (6,0)}. These cir¬ 
cuits have precisely the same set of fixed points, namely H 1 . On the other 
hand, our simulator evaluates these quite differently: the first produces a 
constant 1 for all times, the second produces a constant 0. Thus, the system 
could make a transformation which failed to preserve operational behavior. 

It may be possible to find a denotational semantics for circuits which is 
fully abstract for the zero-delay loop simulator, but that is beyond the scope 
of this paper. 

7 Applications 

The applicative denotational formalisms, for which E provides a precise 
mathematical meaning, seem to be well-suited to various forms of reason¬ 
ing about circuits, both by humans and machines [1,4,9]. In particular, they 
are highly local and make explicit the relevant time dependencies between 
values [5], properties crucial to reasoning about the function of circuits. On 
the other hand, event-based simulation is well established as a useful tech¬ 
nique for predicting the behavior of circuits. The results in this paper provide 
a formal proof that designers can employ tools which use these different rep¬ 
resentations and still obtain coherent results. This is the chief contribution 
of this paper. 

Another important contribution, however, is that the denotational se¬ 
mantics can be used to better understand the computational technique of 
event-based simulation. For example, it is well-known that modeling certain 
low-level circuit devices, like MOS transistors and bi-directional buses, is 
difficult and seems to require additional simulator formalism (such as extra 
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Figure 1: A pair of buses connected together, hopefully to form a larger bus. 

port types in addition to just “input” and “output”). Using the denota- 
tional semantics, one can prove that certain devices can not be modeled in 
the event-based formalism given here. 

To illustrate the technique, consider a modeling scheme in which node 
values have a strength aspect, “driven” or “undriven,” in addition to a logical 
value. (This is sometimes done to handle stored charge.) “Driven” means 
roughly that the node is connected to a power source, while “undriven” means 
the node is merely storing charge. More precisely, suppose there exists a 
function, p : S —► {0,1}, such that ps = 1 if and only if 5 stands for a 
driven value. Note that S may have more than two elements; even infinitely 
many. 

The question is, does their exist some S and some circuit, expressed as 
a combination of the given primitives, that models the behavior of a bi¬ 
directional bus? We will show that the answer is no by stating the axioms 
we wish the bus to obey and then showing them to be inconsistent with the 
structure equation for the circuit shown in Figure 1. We choose the following 
bus axioms. 

• The bus should have two inputs, a and b, and one output, y. y should be 
driven at time t if input a is driven at time t— c x or if b is driven at t-e 2 , 
or both. More precisely, if y = f(a, 6), then pf(a,b ) = OR (1 ,e 2 (pa, pb), 
where e l5 c 2 > 0. 

• When two buses are connected together, as shown in Figure 1, the con¬ 
glomerate should act as one bus, possibly with different delays. That 
is, denoting the overall function (as seen at output y in the figure) by 

/', we have P/'K b) = OR e3 , u (pa,pb). 

• From the structure of the circuit, we can also derive the equation 
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f'(a,b) = f(aj(b,f'(a,b))). 

It will suffice for this argument to assume that pb(t) = 0 for all t. Using 
this assumption to substitute and simplify the equations above, it is not 
difficult to derive the equation 

z tzijP a ) = 0R £lj 2e2+£ 3 (pO) Pfl)? 

where z c (y)(t) is defined to be y(t — e). But this clearly does not hold for 
all choices of a: let a be driven for some interval and then go to undriven 
thereafter. Thus, the bus axioms are inconsistent with the structure axioms, 
and so no such / and /' can exist which model the bus in this way. 

8 Summary and Conclusions 

This paper has defined an event-based operational semantics for circuits and 
a fully abstract denotational semantics, E, based on causal functions on 
timelines. The principle results are 

• Causal functions on half-timelines satisfy the following. 

— For all n > 0, every function in CF n->n has a unique fixed point. 

— Causal functions are closed under arbitrary finite composition ( i.e. 
arbitrary wiring diagrams). 

• EVAL always terminates. 

• E is computationally adequate and fully abstract for simulation in that 
two initialized circuits behave the same if and only if they denote the 
same function. 

• A circuit behaves the same way when embedded in a larger circuit as 
it does in isolation. 

• Extension to Zero-delay elements: Computational adequacy is lost if 
zero-delay loops are allowed, but a kind of extension is possible if such 
loops are disallowed. 
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The previous section discussed the principle uses of these results: they 
give a formal justification for using different representations of circuits in 
the same CAD system, and they provide insight into the limitations and 
applications of the event-based computational technique. Future research 
questions include 

• How can this semantics be extended to capture bi-directional busses, 
pass transistors and other low level elements? 

• Currently, the formalism allows only primitive functions with fixed de¬ 
lays from inputs to output. This is no loss of generality if S is finite, 
but if we allow S to be infinite, can we extend the results to primitives 
with variable delay? Can we then extend it to capture the semantics 
of real-time computer networks [6,3]? 
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